First off: I didn't knew in which section this was best to be placed. So I put it up here, since I assume you guys know a lot about unpacking aswell ...

I want to unpack a game-client. Before, I could just unpack it with PE Explorer, it was just a plain simple UPX packer.
But now it's a Modified version and I'm stuck. I know I have to unpack it manually, but I do not have experience with that.

So if anyone would be so kind to just look at it and maybe point me in the right direction.
From what I read, UPX is one of the easiest packers to unpack, so I guess it's a great way to start learning about packers ...
(Oh and, I already tried many public UPX unpackers, and UPX itself aswell, I guess it really is a modified version)

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)_________________

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)

Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks!

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)

Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks!

UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)

Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks!

UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.

That would just unpack it though, no?

I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is.

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)

Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks!

UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.

That would just unpack it though, no?

I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou cannot download files in this forum